Blog

Botting Scrabble Boggle for Fame and Fortune

This is a followup to an earlier post about botting Flash games.

Arguably the easiest game to bot on WorldWinner / GSN Cash Games is called Scrabble Boggle.

This is a post about my bot to play this, showing off a demo video, a little bit about how it works, and what scores are believable for us humans.

And the title? I really might be famous in the WorldWinner risk department. They let me keep half my bot winnings ($60 🙂 ).

Video demo

What are human scores like?

My take - a good human score for this game is about 300.

With a Boggle solver open in another tab, you might be able to crack 900.

This bot I'm releasing can exceed 5000. I know, because I did it and got banned.

Keep it under 5000, guys.

How does the bot work?

Using image recognition - you'll see a folder full of letter images - it figures out what letters are on your screen and where on the board they are.

The bot has a list of official Scrabble words. Using some recursion, it figures out every valid word that can be made on your board.

Finally, with a GUI automation library, it automatically enters the valid words for you. It will do this indefinitely until you move the mouse to the upper left corner of the screen.

(The GitHub repo has more technical details, like the specific Python libraries, etc.)

Can this make money?

As far as I know, this game is still up on WorldWinner. I'm of the opinion that they should remove this game from their site because of how easy it is to automate. You'll see a lot of players with scores higher than those I described as being humanly possible above.

But until that happens - in theory you can go there right now and pit this bot against humans.

Cautionary closing

The GitHub repo has the code and some instructions on getting this to run.

I've mentioned this before - WorldWinner banned me for getting crazy with the bot. They really should remove this game and maybe this release will drive that.

WorldWinner ended up refunding me about half my account balance, which still resulted in some profit from the bot's performance. This genuinely surprised me and I wouldn't take that for granted. Assume no payouts if you get banned.

Intro to Botting Flash Games

Recently I've been enthused with botting Flash games. It's a good software engineering exercise, and can make you some money.

To get this definition out of the way - a "bot" is a computer program that plays a game for you.

Approaches to game botting

I see three approaches to botting a Flash game.

1 - interpret the screen with computer vision algorithms, then program clicks or keystrokes to happen after that in a loop. This is probably the most "human" method.

2 - read memory values to interpret the game state, then program clicks or keystrokes to happen after that in a loop. A "hybrid" approach between the previous one and the next one.

3 - script the reading and alteration of memory. Here you're essentially not playing the game at all, just hacking it. Like you could locate the memory value for your score, change it to whatever, and then carry on.

For the sites I'm about to mention, since you're playing for money, #3 won't work. There's a lot of server-side pinning of values. Altering the game in the #3 approach will only affect the client.
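What server-side pinning can look like for a word-grid game such as the one in the Scrabble Boggle post, as an added example that is not code from WorldWinner or from the bot's repo: the server keeps the board, re-validates every submitted word, and recomputes the score, so a number edited in client memory never counts. The board, word list, minimum word length, scoring rule and function names are all assumptions made for the illustration.

```python
"""Added example: server-authoritative scoring for a word-grid game."""

MIN_WORD_LEN = 3  # assumed rule, not taken from the real game

# Constructed 4x4 board; the server generates and stores it, never the client.
BOARD = ["CATS", "ROPE", "ENID", "SLOW"]

# Constructed stand-in for the official word list.
DICTIONARY = {"CAT", "CATS", "COAT", "ROPE", "TAPE", "DINE", "SLOW", "PIPE", "CARS"}


def traceable(board, word):
    """True if `word` can be spelled through adjacent cells, each used once."""
    if not word:
        return False

    def walk(r, c, i, used):
        if board[r][c] != word[i]:
            return False
        if i == len(word) - 1:
            return True
        used.add((r, c))
        for dr in (-1, 0, 1):
            for dc in (-1, 0, 1):
                nr, nc = r + dr, c + dc
                if (dr, dc) == (0, 0) or (nr, nc) in used:
                    continue
                if 0 <= nr < len(board) and 0 <= nc < len(board[nr]):
                    if walk(nr, nc, i + 1, used):
                        return True
        used.discard((r, c))  # backtrack so another path may use this cell
        return False

    return any(
        walk(r, c, 0, set())
        for r in range(len(board))
        for c in range(len(board[r]))
    )


def score_submission(board, dictionary, words, claimed_score):
    """Recompute the score from the submitted words; ignore the client's number."""
    accepted, rejected, seen = [], [], set()
    for raw in words:
        word = str(raw).strip().upper()
        if len(word) < MIN_WORD_LEN:
            reason = "too short"
        elif word not in dictionary:
            reason = "not in dictionary"
        elif word in seen:
            reason = "duplicate"
        elif not traceable(board, word):
            reason = "not on board"
        else:
            seen.add(word)
            accepted.append(word)
            continue
        rejected.append((word, reason))
    score = sum(len(w) - 2 for w in accepted)  # assumed scoring rule
    return {
        "score": score,
        "accepted": accepted,
        "rejected": rejected,
        # A mismatch is a signal for review: the client state was altered.
        "client_mismatch": claimed_score != score,
    }


if __name__ == "__main__":
    # Constructed submission from a client whose local score was edited to 5000.
    submission = ["CAT", "cats", "CAT", "PIPE", "CARS", "CATSE", "SLOW"]
    print(score_submission(BOARD, DICTIONARY, submission, claimed_score=5000))
```

Only the recomputed score is stored; the mismatch flag and the rejection reasons are what a risk team would log.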

Fellow nerds might ask "can't I just intercept and modify the traffic with Wireshark or Fiddler?!?" Try it and see how little information you get from the Flash stream.

Approach #1 is what I've had success with thus far. #2 becomes difficult because you're trying to locate all these values in memory and God knows what they are.

However, I will recommend Nick Cano's excellent book which applies mostly to approach #3 (sort of #2 also). He signed a copy for me at Defcon 24. Great read on memory manipulation and more.

Image credit - No Starch

Why this is a great programming exercise

You've got computer vision algorithms to write for game state interpretation, back-end algos for figuring out what to do in the game, then keystrokes and clicks to script. Maybe your bot's workable at that point but you run into issues - time for optimization. And how do you know if it's working? Unit tests. How do you know if it's slow? Benchmarking.

Game botting just really engages the full breadth of software engineering. Plus the money aspect can incentivize you a bit. 🙂

Where to bot games for money

The obvious answer to this question would be online casinos. You could skirt present online gaming laws (for the U.S.) by choosing Bitcoin casinos and/or using a VPN.

However, casino games have an edge built into them. The best skilled players would still have a hard time making a profit. You can count cards all you want in 8-deck blackjack, it's not going to matter.

On our topic of Flash games, there are a couple reputable sites where players engage in "casual" games against each other. Each puts up a little money beforehand, and the winner makes out. The host website takes a rake off the pot like poker.

Example - Player A pays $0.88, player B pays $0.88 then they play their game. Player A wins and receives $1.30. The host website made $0.46 off the matchup.

And here are the sites.

Worldwinner.com - this is affiliated with GSN, the game show TV network.

Royalgames.com - this is affiliated with King Games, the firm that brought you Candy Crush Saga and some other well-known phone games.

These are where you could potentially profit off of making good Flash game bots.

I've read various complaints that these sites will freeze your money if they suspect you of botting. I cannot personally confirm this.

Closing

I hope this is enough to get you going for now. Be on the lookout for source code and video from me in the future.

Card Dealers, Baristas, and Robots

There's an interesting bunch of jobs that can be easily replaced by robots... but won't.

Running casino games. Making and selling coffee. It's really easy to automate those into oblivion, putting a lot of people out of a job.

I foresee technology entering these realms, for sure, but not truly replacing people.

My related background

I went to blackjack school, am certified to deal casino games, and did that on graveyard shift a whole summer. Respect your dealers because they put up with some serious shit. For the longest time I also thought my destiny was being a C-suite gaming executive.

Related post: The Perfect Casino

On the other hand, I have a bachelor's degree in computer science, taught myself web development, and have since held a slew of technical positions. Currently I'm a software engineer at Lockheed Martin focusing on unmanned systems.

Why not entirely replace these jobs

Surely replacing all of the humans with robots would do wonders for the bottom line, right?

Wrong. While you'd save payroll expenses, I suspect there would be a dive in revenue.

People don't just go to Starbucks for coffee and free WiFi. They don't just sit at the Turning Stone blackjack tables to play blackjack.

Starbucks and casinos are experience businesses. There's hospitality involved.

As our world gets more cold and mechanical, people will pay a premium to interact with - take a guess - other people!

If you want a $1 cup of coffee, head to McDonald's.

If you want to gamble pennies with a machine, head for slots and/or Resorts World New York.

Resorts World circa April 2013

The point

The same people who want these...

CheapCoffeeCheapGambling

... are not the same people who want these...

PricierCoffeePricierGambling

The middle ground

Technology can open up a middle ground. Actually, I'd say it already has.

Let It Ride is a total pain in the ass to deal. It wouldn't be possible without an automatic shuffler, and this little computer built into the table which helps track payouts.

Adding ticket in, ticket out (TITO) technology to table games would maximize the time dealers can actually deal their games instead of farting around with chip/cash exchanges.

Related post: The Merits of TITO for Table Games

But for the best example, look to the gaming paradise of Macau. The Asian Las Vegas.

They have traditional table games there with a human dealer and about six seats. Average minimum per hand of blackjack is equal to $36, I've heard.

What about people who want to play blackjack for less? There are these setups with 50 seats to 1 dealer. People sit down at these terminals that show the dealer's cards, and their cards are virtual. The minimum per hand is closer to $1.

Image credit - CalvinAyre.com

Now you're catering to guests who don't want to spend as much per hand, or maybe don't want as much social intimacy, however they still want to play blackjack.

Briefly addressing the barista example - I'm guessing a lot of the mechanics behind Starbucks' counters involve some degree of automation. More efficient machinery allows a greater number of customers to be served by the same number of baristas.

Conclusion

McDonald's and Starbucks have different clientele for coffee. I've written before how McDonald's is going to be fully automated, and the corporation will have the last laugh on $15/hr fast food workers in New York state.

If Resorts World New York and Turning Stone were somehow in the same town, they'd have different clientele for gaming. At Resorts World everything's a machine. Even roulette and craps.

Image credit - JustLuxe

As unmanned systems become more prevalent in person-facing businesses, experiences and human employees will fetch a premium.

In those cases, management will want to make sure those employees have the tools to be as efficient as possible.

i.e. ticket in, ticket out for gaming tables would increase hands per hour and drive greater revenue at the same payroll costs

2015 in Review

My posting frequency here has slowed considerably, and some of my readers may be wondering what I've been up to.

In regard to this site - professional obligations ramped up. I am presently working in the defense industry, where end of fiscal year is an especially busy time because of how project funding works. Career and real business come before this website (hobby).

In regard to me - I'll provide an overview of the year. A little unusual as I tend to not write strictly about myself here.

Like to start posts with a picture. Here's my chin

TL;DR

2015 was my best year yet, life/I improved on all fronts. Career, social, financial, travel, gym, learning, etc etc. The foundations for 2016 to be even better are already in place.

Get better every year and every year gets better.

January

Most of January I was in Syracuse - snowmobiling, lifting weights, programming the backend of now-defunct Ging Casino, and spending time with my grandmother (who would pass away early February, RIP).

Pointing at me, turning 93 - 1/1/2015

At the end of the month I flew back to New York for my last semester at St. John's.

February - May

Last semester of undergraduate. Like the end of high school, I enjoyed the hell out of it and still finished strong academically.

Evan Saez and I finally had a class together. The professor unexpectedly retired afterward.

Best show of the semester was probably Chainsmokers, Bebe Rexha, and Grandtheft at Terminal 5.

Advice - don't take college too seriously. Go to a recognizable school, go for STEM, keep your GPA > 3.0, and focus on your core classes. Don't obsess over all your grades because that's unnecessary stress + energy expenditure.

Throwback to my first bachelor pad, rented out here
Throwback to my first bachelor pad, note the alphacinno

I did job research at the beginning of the semester and decided I wanted to work at Lockheed Martin. For the Syracuse area, nothing comes close for software. I would 100% be living elsewhere if I didn't land my current job.

Also: within LM, Syracuse has the strongest software reputation in our business unit (MST).

Around April they flew me up from New York to interview. I got an interview because of (a) strong technical web presence and (b) not screwing up the initial phone screen. Prepare before your phone screens.

Related post: Developing a Technical Web Presence

I don't get people who just go into interviews cold. Do your homework on the company, find out as much as you can about phone screens and interviews beforehand with sites like Glassdoor. For performance enhancement, I'd recommend at least caffeine (but not before the phone screen). Push the odds in your favor.

Note: will write about less vanilla performance enhancement for the workplace when I am in a position to do so.

In the interview, I had to rely mostly on talking about my software engineering class. However, what definitely pushed me in the clear was technical learning I'd done on my own. I could speak strongly about version control, databases, and several programming languages. Stuff that wasn't covered so heavily in school.

Related post: How to Supplement the St. John's CS Program

Anyway, accepted the job offer with Lockheed then had to do a ton of paperwork for the DoD.

May ended up being a mixed month. I got the news that I couldn't start with LM for about 5 months, due to the Office of Personnel Management hack. That incident considerably slowed down hiring for the entire defense industry. My own records and fingerprints were compromised.

But on the positive side I graduated...

HahaHA / derp, St. John's

... and traveled Italy for 2 weeks. I hadn't been to Italy since 2011 - it was great to be back, see more of the country than last time, and brush up on my Italian. Ho studiato per cinque anni in scuola media ("I studied it for five years in middle school").

Being serenaded in Venice

June - August

After returning from Europe I spent most of the summer in Syracuse. Tanning, playing loud EDM from my car like a douchebag, being at the mall too much, but also working on open-source projects.

A resurgence of new DGM content would start coming about. That higher publishing frequency has been sustained to the present.

In July I went back to New York to work with Evan and his team at LIFARS for a while. It was my first time formally working infosec, but I managed to uncover major session issues while testing a hybrid mobile app.

Professional people
Also went to Coney Island for the first time - basically East Syracuse Walmart with amusement rides

Following that I interviewed with NYCM Insurance for software development. About a day later I wrote my post 'Stagnant = Obsolete', thinking I was about to embark on some wondrous journey with them.

8/2? - was in Chicago for Lollapalooza

8/16 - turned 21

8/17 - started at NYCM and spent a month being bored to tears. In The Four-Hour Workweek, Tim Ferriss says something to the effect of "the opposite of happiness is not sadness, but boredom." He was right.

September

During that month at the insurance company, I updated most of their Java ServerPages (there are a lot) to HTML5. However, nobody knew this at the time, and I never received actual instructions.

Paraphrasing boss' boss - "the way things work around here, if you look busy, everyone will assume you're busy and leave you alone." Great policy!

Related post: The Truth About (Most of) Corporate IT

Also wrote a blackjack game in PowerShell, obfuscating the code as I went along. 🙂

About halfway into September I decided to quit. It was going to be super awkward, because everyone thought I was going to stay there forever like them. My plan - to announce my resignation over email, 10 minutes after I walked out that day. I had arranged to leave an hour early so everyone would see it.

The issue - there wasn't a way to schedule an email to go out with their version of IBM Lotus Notes. Not even writing LotusScript. So I wrote a PowerShell script - with WASP - to effectively resign for me. It was the closest thing to real software engineering I did there.

Note for other upstate NY software guys: you won't starve on what NYCM pays but it's not competitive. In my first 3 months at Lockheed (with OT) I made 8x what I did in 1 month at NYCM.

Busywork HQ

That night I flew to New York to start a redesign of the LIFARS site. By the end of the month it was up, unlike anything I'd ever developed for IgetCOMPED / EventWizler.

Related post: Are you a wantrepreneur?

https://lifars.com

October - December

Opening of October was a little weird. I took a trip to San Juan, where I managed to finish a pen test for LIFARS in between drinking, gambling, and Road to Ultra. Halfway through the trip, my dad flew down and we got lost in the rainforest with the world's dinkiest rental car.

Balcony of my rental - El San Juan Casino to the left 😉

After getting back I started at LM as a software engineer, focusing on unmanned and autonomous systems. I'm surrounded by brilliant people who work really hard.

As a kid I was into robots. Here I've written about Skynet. Now I get to develop what used to be science-fiction.

Related post: How I Published Two Books at Age 14

I worked overtime from week one up until Christmas Eve, hence the sharp decline in posting. Somehow also found travel time for Toronto and New York.

OT is done for the near future, but a new side project will be eating up my free time. Do not expect much activity on this site for a while.

General notes / conclusion

Apply to self-development: what can be conceived can be created.

Improve everything. Maintain if you hit a ceiling. Optimize as much as possible.

And then every year will be better than the last.


For more timely updates on what I'm up to, I have been active on Instagram.

The Truth About Most of Corporate IT

At this point I've been in two full-time programming positions. I've learned how a handful of other firms operate through infosec work on the side, and testimonies from friends. My eyes are open.

When you're looking to work in IT, there are some things you need to be aware of.

Legacy code

I'm sure you've heard bad things about legacy code. It's often used as the butt of a joke by technical writers.

In the back of your mind, you probably think "I'm supposed to laugh at these jokes, however in reality things can't be that bad, right?"

Wrong. Things are that bad.

Legacy code = when our technology was first starting to get outdated and old (or practices were deprecating), instead of doing an overhaul or updates then, we ignored the warning signs and kept building onto it and now everything's a real shit show and you have to put up with it.

You want to go:

  • "Uhhhhh Internet Explorer shouldn't be the only supported browser."
  • "Tables shouldn't be used to style a page."
  • "MongoDB is the least appropriate database for financial transactions."
  • "Why can I perfectly replicate the session by copying unencrypted cookie data?"
  • "Netscape doesn't exist any more."
  • "There is presently zero browser support for this."
  • "Money shouldn't be a float."
  • And so on.

What does the rational-thinking person do when their house is falling apart? They fix the house. They wouldn't dream of putting on an addition. The house itself is falling apart, after all.

Legacy code is a house that's falling apart. And you'll be asked to build additions onto it. Watch out for rusty tetanus nails and falling beams.

Image credit - Dreamstime

Doing nothing

One of my close friends had a technical support internship this last summer. He would tell stories about how he sat at work all day, doing nothing. Like one call would come in a day.

I thought, "Surely he must be exaggerating."

Then I started my first programming position. For the last half of my first day, after a tour and lunch, I sat there doing nothing.

"This must just be a first day thing."

Then for the next couple days I did nothing. My supervisor came over at one point, and I go, "Is there something I'm supposed to be doing?"

I got some documentation to read and installs to do. That took me two days.

In the task / performance management system, the due date was a month out.

I would look at everyone else, at their monitors. They were talking about vacations or cookie recipes off Facebook, going on cruise websites, using their phones to go on Facebook, watching YouTube videos, whining, staring off into space.

Image credit - Giphy

For every 8 hour work day, I estimate about 1 hour of real work occurred. I got assigned like 2 hours of work a week because I was really new.

It got to the point where I would just stare at the clock. Every couple minutes that went by, I'd try to focus on the fact I was a dollar richer.

I couldn't stand doing nothing at work, this horrible music playlist going all day. Everyone sitting there, babbling or anesthetized.

After a month I hopped to my current job for an 85% shorter commute and 35% pay bump.

Related post: Stagnant = Obsolete

Assignments. Mental stimulation. A purpose. These are what I need at work.

At the end of the day, I want to feel like I've achieved something for the firm.

I don't care what I'm being paid. The true enemy of happiness is boredom.

You know in those vampire movies where vampires took over the world, and now the remaining humans are in pods so their blood can be harvested? That's what "work" / those jobs can be like.

Image credit - Scified

Pimps

Who are the pimps of corporate IT? IBM, Citrix, Oracle to name a few.

And, like legacy code, a lot of positions will have you being their bitch. The whole programming department will be their bitch because they seduced management years ago.

IBM goes, "Hey we'll give you this stuff for free."

Then two years later they come back and go, "Yeah you need to pay for that now."

In that two years, because of all these tricks like IBM-proprietary XML mapping, your firm is now heavily dependent on IBM.

Image credit - China Divide

Which brings us to our next point.

Money burning

If you have a keen eye, you might notice millions of dollars being wasted. If you have open eyes. If you have one half-opened eye.

A lot of this money will go to the pimps I just discussed.

Then more of it has to do with employees. Obviously, when you're doing nothing, you're not making the firm any money.

They pay people $30/hour, you see them delivering maybe $3/hour of value.

How does that math make sense? It doesn't.

Image credit - technical.ly

Your corporate overlords, though, have a lot of money to play with. A lot to burn.

Instead of looking at the efficiency of current employees, they think things will progress more rapidly by bringing on new hires. Tolerating, even grooming, the same behavior as old employees.

For example, say a rational person is in charge of software. Every day there's a production build of this one program, and every day it gets pushed to Big Pimp servers.

Big Pimp Inc. is charging some queer amount for every push. Every day Big Pimp is getting paid.

At one point, somebody was like, "Hey there's this open-source alternative we could run the program on. We wouldn't have to pay Big Pimp hundreds of thousands of dollars a year."

Now, Big Pimp made you write the software in such a way that it's heavily tied to their servers. But two enterprising employees out of the hundred-person department managed to get the software working on this open-source alternative.

The rational manager would go, "That's fantastic, Employee-That-Works 1 and Employee-That-Works 2. Everyone else in programming is now going to stop what they're doing, and you two are going to lead everyone else to move the entire codebase to this open-source alternative. Nobody works on anything else until we are no longer dependent on Big Pimp."

Because it would save the company money every day.

But that's not what happens. It's easier to keep spending the money.

The real manager goes, "That's cool. It looks like that was really hard to do, so type up half-assed instructions on how you did it. I'll tell everyone to install this open-source thing on their computer, and if they get time they can try to get the software working on there too. But they probably won't succeed. Not a big deal, we'll keep paying Big Pimp. The money doesn't come out of my pockets. Let's bring on more people."

Image credit - Hip Hop Wired

The bathroom

The last place I want to have a discussion with anyone? Bathroom.

There are certain people at your work who, instead of just making eye contact and nodding to you in the bathroom, will go "HEYYY. HOW'S IT GOING TODAY?"

And you're not friends, or buddies.

You've never seen them. Unless they pulled this trickery before, burning them into your memory.

Just watch out for those people.

Image credit - Living Edge

End note (silver linings?)

There are jobs where you don't have to put up with all of this, at the cost of your sanity.

You find them with (a) small, lean-and-mean operations or (b) big corporate players who have their act together. Currently I'm grateful to be riding in the second boat.

So how do you figure this stuff out, before it's too late?

For big corporate players, you can use Glassdoor or similar sites.

For small operations, they'll hopefully be more open to having you come on for a trial period. Even if it's just working there a week.

By small, I mean like 30 or less people. The experience I'm mostly ranting about was with a 1,000 person company.

By nature, when you have 30 or less people, there isn't really money to waste yet. People are more apt to have laser-focused stuff to do.

Anyway. What I'm trying to say is it's a jungle out there. Good luck to the job hunters and job jumpers.

Derp. (Image credit - Next Level Pro)

Counteracting Imposter WiFi Networks

This fault in mobile devices was recently covered in a LinkedIn Pulse article by Niels Kunis. I wanted to do it a little more comprehensively.

Image credit - 2.bp.blogspot.com

The threat

When your phone connects to an open WiFi network, it remembers that network afterward. An automatic connection occurs if it ever detects that network again.

For secured networks this isn't a big deal. Your phone reconnects based on the network name and key being the same.

But for unsecured networks, your phone only checks for the name.

I used to be a serious WiFi hopper at McDonald's - for reasons I'll be more vocal about once a 5-year statute of limitations is up - and their free network was always "attwifi."

Connect to attwifi at one McDonald's, your phone will automatically connect from now on at any McDonald's.

Convenient right? Except, what if I set up a portable malicious hotspot called attwifi? I'm carrying it around in a backpack or whatever. Your phone connects automatically. Now it's not much of a leap to do bad things to your phone.

Image credit - Escanav

Tools of the trade

Step for a minute into the shoes of someone who wants to take advantage of this, instead of protect against it.

You're going to want a WiFi Pineapple. Then set up an open wireless network with an SSID appropriate for who you want to target.

People who have used McDonald's WiFi before? attwifi.

St. John's students? sjustudent, sjumobile, or one of their other networks. There are a bunch.

On your Pineapple you'll want to at least employ dsniff, karma and sslstrip. This is a good tutorial focusing on the latter two.

Image credit - WiFiPineapple.com

If you don't have a Pineapple, similar results could be achieved with a laptop with mobile hotspot capabilities.

Or, you know, laptop and router. But portability is a big part of running this scheme successfully.

Protecting yourself

For any mobile device, you can turn off your WiFi when not on a network you absolutely trust. Have your phone "forget" open networks after you connect to them.

If you're running Android, the app Open WiFi Cleaner automates this for you. It's rather basic but gets the job done.

There isn't anything like this on iOS because Apple disallows apps from changing wireless settings.
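The clean-up described above, as an added example (not code from this post or from Open WiFi Cleaner): it reads a saved-network list and names the open networks the device would rejoin on SSID alone. It assumes the list is available in wpa_supplicant.conf format; the sample file and the function names are constructed for the illustration.

```python
"""Added example: list saved open networks a device would rejoin by name alone."""

# Constructed sample in wpa_supplicant.conf format; every value is made up.
SAMPLE_CONF = """\
update_config=1

network={
    ssid="attwifi"
    key_mgmt=NONE
    priority=3
}
network={
    ssid="HomeNet"
    psk="constructed-passphrase"
    key_mgmt=WPA-PSK
}
network={
    ssid="OldCafe"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="sjustudent"
    key_mgmt=NONE
    disabled=1
}
network={
    # SSIDs may also be stored as unquoted hex; this one decodes to Free_WiFi
    ssid=467265655f57694669
    key_mgmt=NONE
}
"""


def parse_networks(conf_text):
    """Return one {key: raw_value} dict per network={...} block."""
    networks, block = [], None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            block = {}
        elif line == "}" and block is not None:
            networks.append(block)
            block = None
        elif block is not None and "=" in line:
            key, value = line.split("=", 1)
            block[key.strip()] = value.strip()
    return networks


def decode_ssid(raw):
    """Quoted SSIDs are literal strings; unquoted ones are hex-encoded bytes."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    try:
        return bytes.fromhex(raw).decode("utf-8", "replace")
    except ValueError:
        return raw


def classify(block):
    """'open' = no key at all, 'wep' = static WEP key, 'keyed' = anything else."""
    # With no key_mgmt line, wpa_supplicant defaults to WPA-PSK / IEEE8021X.
    key_mgmt = block.get("key_mgmt", "WPA-PSK IEEE8021X").split()
    if key_mgmt != ["NONE"]:
        return "keyed"
    has_wep = any(f"wep_key{i}" in block for i in range(4))
    return "wep" if has_wep else "open"


def audit(conf_text):
    """Summarise every saved network: name, security class, auto-connect state."""
    return [
        {
            "ssid": decode_ssid(block.get("ssid", "")),
            "security": classify(block),
            "autoconnect": block.get("disabled", "0") != "1",
        }
        for block in parse_networks(conf_text)
    ]


def forget_candidates(conf_text):
    """Open networks still enabled: the device matches these on SSID only."""
    return [
        n["ssid"]
        for n in audit(conf_text)
        if n["security"] == "open" and n["autoconnect"]
    ]


if __name__ == "__main__":
    for ssid in forget_candidates(SAMPLE_CONF):
        print("forget:", ssid)
```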

Image credit - Northcloud

Conclusion

Your phone is trusting to a fault.

Open wireless networks shouldn't be judged by their SSIDs.

A little paranoia beats having your identity or Bitcoin stolen, opening yourself up to blackmail, etc.

Related viewing

Watch this seven-year-old girl set up a rogue network.


LIFARS can secure your digital world. Email me or check out the newsletter.

Insurance is Gambling

I'm working in the insurance world now, and insurance isn't so different from gaming.

Both businesses rely on applied statistics. Formulas applied to real life, money goes back and forth, but the odds prefer the business.

Image credit - 365PSD

Instead of dealers you have brokers ("loose") and agents ("tight"). They all have to be nice to you in order to earn a living. Though agents can walk away from "players" who are assholes.

Casinos do get the bonus of variance. The theoretical house edge could be 0.5% on a blackjack table, though that's based on 100 million trials and both sides having unlimited bankroll. The house has more money than you do. When you lose your $100, you'll probably leave. It's not like you're seriously getting $0.995 back on every $1 put forth. 20 hands may do you in.

They also have the luxury of a defined scope. What I mean by that is -- casino games are predictable. In life, which is what insurance quantifies and wagers on, things are wild. Technological advances change your house, car, and personal property. Medical advances change mortality rates and life expectancy. Pollution changes the weather and can make for more severe storms.

People have a love-hate relationship with both businesses. Sometimes the customer wins or their policy covers them for something dire. Other times the customer loses, or an insured hasn't had to use their policy in forever.

Partly because of that, and partly because of how much money they deal with, both donate a lot. Gambling gets taxed heavily so schools can benefit. Insurance companies tend to improve the communities they serve.

Gambling is hospitality and bringing formulas to fruition.

Insurance is hospitality and bringing formulas to fruition.

Grey Market Businesses of Tomorrow

Grey market businesses are intriguing. Where you're not sure whether operations are legal or not, due to lack of legislation.

Take ticket scalping. There weren't any laws on it for the longest time, then some came on the books. "Don't do that anymore", they seemed to say.

StubHub (eBay) popped up with a million lawyers. If you look on there, it kind of seems like more people are hustling tickets than ever.

Ticket scalping is a grey market because of neglect. You also get them when there are technologies emerging faster than the law can keep up with.

Image credit - Chapter 3

Crypto-Casinos

When Bitcoin was over $1000/unit for the first time and getting a lot of press, the legal ambiguity became apparent. And Americans had to wonder, as they traded BTC, whether this was really sanctioned by the government.

It's gotten to the point where the U.S. recognizes and allows cryptocurrencies. What about gaming sites that deal in them? Are those legal?

It's unclear, possibly varying by state. Nevada went after Bryan Micon over Seals with Clubs. There was some arguing in California over crypto gambling parlors. But those are areas where there's a lot of gaming laws on the books.

Say someone's in Wyoming. They run a Bitcoin gaming site, have a good accountant who's versed in cryptocurrencies, a lawyer who legally describes the site as dealing in "virtual currency", and they pay all their taxes.

Realistically I don't think anyone's coming after this person. Especially if they never directly convert Bitcoin to dollars.

A number of remote BTC casinos like SatoshiBet have disallowed American players. Who knows where they're based. Blocking U.S. players from gambling in Bitcoin is a "better safe than sorry" move, because of how cloudy the law is here.

Personally, I lean towards this not being legal. Later in the post I'll elaborate on why I no longer shout the virtues of crypto-gaming from the rooftops.

Image credit - Satoshi Slot

Robot Sex Houses

I have little doubt these are on the horizon. It'll probably play out like:

Buying a personal sex bot, at least a super realistic model, might cost thousands. So these robot sex houses (robrothels?) will pop up. People will schedule appointments online, it'll be $50/hour or something.

And then patrons get the benefits of (a) having a choice amongst different-looking robots and (b) professional cleaning of the units between appointments.

Sex robots in 2020 or whenever will be as lucrative as porn in 1999.

I'm leaning towards these being legal in the U.S. after an initial period of uncertainty.

Image credit - Fox News

Super Fast Food

The only reason I'd call this 'grey market' is there will be a huge backlash to begin with - people suing McDonald's. Fast food workers being laid off.

McDonald's and similar firms have been suspiciously quiet about the $15/hr New York fast food law. They could've responded with legal action.

But I'll bet they don't care. Because by the time they'd have to pay their people that much, two-thirds of those workers will be laid off. The rest will be robot overseers.

It's already the trend in France.

Image credit - YouTube

Plus it's being heavily experimented with in Australia. That's largely considered a test market for the U.S. by fast food firms because (a) it's English-speaking and (b) it's isolated. Americans hear nothing about Australia.

Should you involve yourself with a grey market business?

Suffice to say you can infer where I stand on this. I more or less gave up on a dream, as it became seriously questionable whether carrying it out would be legal.

Are crypto-casinos legal in the U.S.?

What about robot sex houses (robrothels)?

I don't know. You probably wouldn't find out for sure until you're being charged with something, and your assets are being seized.

At that point the virtues of your technology don't matter.

If you're going to take the time to build a business, don't do it on an unstable foundation. There'll be a lot of stress over the possibility of collapse.

Image credit - The Fun Times Guide

Conclusion

A year ago, when I set out to build the Ging Casino platform, Bitcoin and other cryptocurrencies were taken less seriously. The IRS had just put out something that basically called it digital property, like an MP3 file.

Since then a series of events (e.g. Nevada going after Micon) made me uneasy about continuing development. I've been busy with a ton of unrelated work, regardless.

I was never secretive about what I was doing - it was prominently on my LinkedIn for a long time. The legality wasn't as questionable when I started.

Ultimately, the project honed my technical skills a lot. The scope was huge and probably over-ambitious. But I've since distanced myself. It's been about a year - now it's put to rest.

Had I opened the site, there would've been a lot of looking over my shoulder and wondering. Not to mention fixation on the BTC/USD prices.

If we don't have integrity, what do we have? Today's doings are tomorrow's fate.

It’s Time for an Oracle Bug Bounty Program


If you haven’t heard by now, several days ago Oracle Chief Security Officer Mary Ann Davidson used the corporate blog to go on a scriptural tirade. In her now-deleted post, Davidson went on the offensive towards bug bounty programs and any third-party poking into Oracle software.

“Please comply with your license agreement and stop reverse engineering our code, already,” wrote the CSO, who presumably reads all license agreements in their entirety before clicking ‘accept.’

Davidson goes on to make the following points:

  • Customers can’t determine whether something they found is a false positive or not
  • Only vendors can make a patch
  • And how many times does she have to say you’re violating the license agreement

If interested, backups of the post exist. One instance is here on InfoSecNews.

Naturally this yielded a strong response from the cybersecurity community. A response that makes one wonder if the post originated not with Davidson, but the Oracle marketing department.

Imagine it was planned out like this - first the post would go up from Davidson. Then it's taken down, and by now everyone is talking about it. Major press from Business Insider to Fortune to Ars Technica.

Next Oracle issues an apology. Edward Screven, Oracle’s Chief Corporate Architect, has already done so: “We removed the post, as it does not reflect our beliefs or our relationship with customers.”

And finally, while Oracle still has the cybersecurity world’s ear, it’s the perfect time to say, “Despite what Davidson posted, Oracle believes in bug bounties. We’re announcing a bug bounty program.” A marketing move right out of the Ryan Holiday playbook.

Other massive firms see the value of bug bounty programs. One look at HackerOne and you’ll see offerings from Yahoo, Twitter, and Adobe. Microsoft recently raised its own reward to $100,000.

Bug bounties give whitehat operators worthwhile research to do during off-time. Plus it’s not hard to imagine they entice would-be blackhat operators too, preventing malicious acts and bad press.

On all sides of the ethical fence, many cybersecurity operators probably view the Davidson post as a challenge. Oracle can choose to utilize that constructively or await possible backlash.

The monetary cost of a bug reward is small compared to a breach. Those cost firms money and the trust of their customers.



Developing a Technical Web Presence

One of my relatives is going into computer science after just graduating high school. This advice is written with him in mind, but applies to all technical majors:

Develop a web presence.

In this field, that at least means a Github and LinkedIn. I also like Crunchbase.

The best time to start on these is your first semester. Your Github can then represent your whole history of learning to program. Plus the longer pages are up, the better they do with Google rankings.


Myself as an example

Since last August, when I started this site, the Google results for "randy gingeleski" have changed immensely.

When you used to search me, you'd see all DGM videos and my old books. Neither helped establish professional credibility.

Now search results turn up this site, then Crunchbase, plus a bunch of images so people know what I look like, then LinkedIn and so on.


Technical interviewers always ask about stuff from my Github or posts I've written here.

And (humble brag) every interview I've done has yielded an offer. Part of it is prepping heavily for each, part of it's making a good impression before you even step in the door.

Intro to Git and Github

Git is a type of version control software. At St. John's, they didn't touch on version control until my second-to-last programming course.

You should learn about it in your very first programming course. It's not hard to understand, and will help you immensely.

Image credit - Daniel Strunk

What's version control? It's like a "save" in a video game. If you get lost, you can reload from the last save point.

Every "save" in version control is called a "commit". You can "push" those commits somewhere to back them up.

And Github is a place to back up work you've committed with Git. To an extent, it's also a social place for programmers.

When applying for a programming job or internship, someone from that firm will (1) try to see if you have a Github profile and (2) look through what code is there to get a sense for your skills.


Git + Github setup

  1. Sign up for Github.
  2. If you're a student and have a .edu email address, grab the Github Student Developer Pack.
  3. Learn Git from the command line (tutorial). There's a desktop app, but eventually you'd have to learn command line version control anyway.
  4. As you do your programming lab work, back it up to public Github repositories, preferably making commits between separate features and trying not to commit things that don't work.

See my Github here.

LinkedIn

Make a LinkedIn profile, then go into your settings and play with them.

When people who aren't connected to you see your page, I suggest just showing them a summary and little else.


For headlines:

  • Never use "Student at Blahblah University" as your headline. That's downplaying yourself.
  • Or "Aspiring Entrepreneur" if you've never started or failed at a business. That's something you're not.
  • Or something long and stupid like "Master of sales, lover of people | CISSP, ACE, WTF".
  • Just keep it short and sweet.

And the summary should be abrupt too. Everybody in the world will see this.

Here's one that's questionable:

linkedin-summary-example

For jobs? Things that are relevant to what you're doing now. Or your most recent job.

I keep my time at Turning Stone on there because I'm still involved with internet gaming.

I'm working as a software engineer. You'll see my affiliations with NYCM and Lockheed Martin.

My roles with the shady Jet Set Events, IgetCOMPED, and EventWizler don't make an appearance.

Don't be like this long job list that's going nowhere fast:

For your picture, make it appropriate to your industry. Tech is mostly casual dress now. You can get away with something like I have.

If you're trying to sell insurance, you probably need a picture in a tie.

Try not to look like a dweeb.

For connections, mine are people I would help and who I believe could help me. Otherwise they're ignored / deleted.

Two examples:

A: My cohort Evan Saez knows half the universe. Sometimes random people reach out to me because I'm easy to reach. We introduce each other to people.

B: A stranger from Binghamton connected with me. He designs casino games. If he hadn't turned out to be a lunatic, we could've gone to lunch and helped each other.

I don't have a lot either. Quality over quantity.

Skill endorsements and personal endorsements mean next to nothing.

See my LinkedIn here.

Crunchbase

What's Crunchbase? It's information on all the firms and players in the tech industry.

Make a page if you want to be a player too.

Like Wikipedia, it's curated freely by users and gets a lot of link juice from Google.

Mine has a short info blurb, links to my other web profiles, a bunch of pictures, and some press one of my projects received.


It takes just a few minutes and helps establish you professionally.

See my Crunchbase here.

Miscellaneous notes

If any of your social media profiles aren't helpful to your image, make them private. Like if you're binge drinking or using explicit language.

My Facebook is private. There's nothing bad per se, but it's a lot of old pictures and family stuff. That doesn't have to be public.

My Twitter? Blank. Just a parked page.

Instagram? Travel and whatever. I feel like it's more intimate than my blog, which might come off as cold or intense at times.

If you have a common name like 'John Smith', use a different one. Make it 'JK Smith' or 'John Harold Smith' or whatever.

Luckily I only compete for 'Randy Gingeleski' with my dad.

Conclusion

You're a computer science student. You're expected to be proficient with computers.

When you're applying for jobs or internships, they will Google your name. It's not even a question.

Demonstrate computer proficiency by tightly controlling your Google results. Like I've written here, Github and LinkedIn are a good start.

From there, learn about domain names and hosting. I use Namecheap and Dreamhost for my personal stuff. Both services are heavily documented.

Good CS principle - strong documentation makes for code everyone can understand. Not just you.

Everything that pops up should make you look good. Someone who would be a pleasure to work with and deserves a lot of money.

Image credit - Pinterest

Related viewing

Have ten minutes? Watch this personal branding course on Uncubed Edge.

I wrote about Edge before and now it's free. Great content on there.
